Scyper, posted 12 September 2008:
My desktop on the PC xP disappears 5 sec after startup, then it keeps coming back and disappearing every 5 sec, closing all games and windows on the PC. Don't know whether it's a virus or what it is, but I've tried everything I can: SUPERAntiSpyware and quite a few other programs, HijackThis 2.0 too. Anyone have an idea what it could be? Need help fast. Thanks in advance (btw I have Vista, if that matters).
InsertNumLock, posted 12 September 2008 (edited):
Can you post the log from HijackThis? Googled around a bit. Seems this is a problem located in regedit. Can you try this: Log on to the machine. Press Ctrl + Alt + Del. Click File, New Task, type regedit.exe, follow the path HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows NT -> Current Version -> and click Winlogon once. Find Shell in the list that appears and double-click it. Type explorer.exe; if it already says explorer.exe, delete it and type it again. Restart the machine and report back here.
Edited 12 September 2008 by Hille
Scyper (thread author), posted 12 September 2008:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:44, on 12.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Benjamin\AppData\Local\Temp\pmnoOEtR.dll,c
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 4793 bytes

When I click New Task, or whatever it was called, the program doesn't respond and the whole PC hangs :/
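The HijackThis log above is a flat list of autostart points and hooks, and the entry that should jump out is the HKCU Run value [cmds], which uses rundll32.exe to load a DLL with a random-looking name out of the user's Temp folder; the orphaned BHO with "(no file)", the eleven repeated LSP slots and the service with "(file missing)" are the other items a helper would pick out. The Python script below is an added example, not part of this thread and not HijackThis's own logic: it applies that kind of triage mechanically to a few constructed lines modelled on the log. The section rules, the "user-writable path" and rundll32 patterns, and the wording of the reasons are my own assumptions, written to explain why each line deserves a second look rather than to pass a verdict.

```python
import re
from collections import Counter

# Constructed sample: HijackThis-style lines modelled on the log in the post
# above (the Temp-folder rundll32 autorun, the orphaned BHO, the repeated LSP
# entry, a service whose binary is gone) plus benign entries for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Benjamin\AppData\Local\Temp\pmnoOEtR.dll,c
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# "O4 - <body>": section code, dash, rest of the entry.
LINE_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
# Assumed heuristic: a path component under a temp or AppData folder is
# writable by an unprivileged process, so code started from there is suspect.
TEMP_PATH_RE = re.compile(r"\\(?:temp|appdata)\\", re.I)
# Assumed heuristic: rundll32.exe launching a DLL that is NOT under
# Program Files or Windows (negative lookahead on the path that follows).
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?!c:\\(?:program files|windows)\\)', re.I)


def parse_line(line):
    """Split one HijackThis line into (section, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text):
    """Return {section, reason, entry} findings for the lines worth a closer look."""
    findings = []
    lsp_seen = Counter()
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        sec, body = parsed
        reasons = []
        if sec == "O2" and body.endswith("(no file)"):
            reasons.append("orphaned BHO: CLSID still registered but its DLL is gone")
        if sec == "O4" and TEMP_PATH_RE.search(body):
            reasons.append("autorun launches code from a user-writable temp/profile directory")
        if sec == "O4" and RUNDLL_RE.search(body):
            reasons.append("rundll32.exe used as a loader for a DLL outside Program Files/Windows")
        if sec == "O10":
            # HijackThis lists one LSP DLL once per chain slot; report it once.
            lsp_seen[body.lower()] += 1
            if lsp_seen[body.lower()] == 1:
                reasons.append("third-party Winsock LSP: confirm the vendor; a broken chain is what LSPFix repairs")
        if sec == "O20":
            reasons.append("DLL loaded into winlogon.exe: confirm it belongs to installed software")
        if sec == "O23" and body.endswith("(file missing)"):
            reasons.append("service registration points at a binary that no longer exists")
        for reason in reasons:
            findings.append({"section": sec, "reason": reason, "entry": body})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:<4} {f['reason']}\n     {f['entry']}")
```

Run against the constructed sample it reports six findings; the [cmds] line alone triggers two (temp-folder path and rundll32 loader), which is the combination InsertNumLock singles out for removal further down the thread. Feed it a real log by passing the file contents to triage().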
Scyper (thread author), posted 12 September 2008 (edited):
Still doing the same thing :/ I've tried what you said.
Edited 12 September 2008 by Scyper
InsertNumLock, posted 12 September 2008 (edited):
Remove:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Benjamin\AppData\Local\Temp\pmnoOEtR.dll,c
Edit: By the way, you can download LSPFix and run a repair on the following file: wrnetdrv.dll
Edit2: And while we're at it, you can download http://downloads2.superantispyware.com/dow...iSpywarePro.exe and run a full system scan. Hopefully it finds a file called Vundo. Vundo causes problems for the shell, which is what makes explorer crash the way it does on your machine.
Edited 12 September 2008 by Hille
Scyper (thread author), posted 12 September 2008:
HKEY_LOCAL_MACHINE\SYSTEM+CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMENTERS IS MISSING OR COULD NOT BE ACCESSED
WHAT SHOULD I DO... oops, caps ;P
InsertNumLock, posted 12 September 2008:
Are you logged in as administrator?
Scyper (thread author), posted 12 September 2008:
Yes, I only have 1 user on the PC.
InsertNumLock, posted 12 September 2008:
In the meantime you can test what I wrote under Edit2, if you're not already on it :]
snippsat, posted 12 September 2008:
Two options you can try.
1. Restore it back to a point where this wasn't a problem. Start -> Run, paste in: %systemroot%\system32\restore\rstrui.exe
2. Download ComboFix and put it on the desktop. Don't click in the window while the program runs. Post the log C:\combofix.txt
Scyper (thread author), posted 13 September 2008:
How am I supposed to run a program when I can't click the Start button, since that disappears too :/
Scyper (thread author), posted 13 September 2008:
Can't find C:\Windows\system32\restore\rstrui.exe.
norbat, posted 13 September 2008:
Try from Safe Mode (tap F8 during startup).
Scyper (thread author), posted 13 September 2008:
OK, with networking then, or?
norbat, posted 13 September 2008:
If you haven't downloaded ComboFix yet, start with networking and get the program downloaded.
Scyper (thread author), posted 13 September 2008:
I have a registered version of Spyware Doctor and it found Trojan Downloader and trojan horses and removed them, but it's still the same problem. SUPERAntiSpyware finds Vundo but it doesn't get removed no matter how many times I try...
norbat, posted 13 September 2008:
That's why you should run ComboFix. In addition to removing a whole lot of Vundo files, it will create a log that can tell whether there are more files that should be removed.
Scyper (thread author), posted 13 September 2008:
OK, will try that too.
Scyper (thread author), posted 13 September 2008:
ComboFix 08-09-12.07 - Benjamin 2008-09-13 13:37:27.1 - NTFSx86 NETWORK Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1044.18.616 [GMT 2:00] Running from: C:\Users\Benjamin\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Benjamin\DOCUME~1\My Documents.url C:\Users\Benjamin\Documents\My Documents.url C:\Windows\system32\m3 C:\Windows\system32\MSINET.oca C:\Windows\system32\t1 . ((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-13 11:41 --------- d---a-w C:\PROGRA~2\TEMP 2008-09-13 10:42 --------- d-----w C:\Program Files\Spyware Doctor 2008-09-12 22:00 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-09-12 21:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-12 16:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-09-12 16:00 --------- d-----w C:\Program Files\Norton Security Scan 2008-09-12 13:55 --------- d-----w C:\Program Files\Camtech 2008-09-10 20:41 --------- d-----w C:\PROGRA~2\Microsoft Help 2008-09-10 20:38 --------- d-----w C:\Program Files\Microsoft Works 2008-09-10 20:04 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-09-10 20:04 --------- d-----w C:\PROGRA~2\Malwarebytes 2008-09-10 19:25 --------- d-----w C:\Program Files\RogueRemover FREE 2008-09-10 19:16 1,864 ----a-w C:\Windows\System32\tmp.reg 2008-09-09 22:08 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys 2008-09-09 22:08 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys 2008-09-09 13:20 --------- 
d-----w C:\Program Files\UltimateEnhancer 2008-09-08 21:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe 2008-09-08 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-08 13:09 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-09-08 12:55 --------- d-----w C:\Program Files\UltimateContext 2008-09-07 10:49 --------- d-----w C:\Program Files\Warcraft III 2008-09-02 14:51 86,528 ----a-w C:\Windows\System32\VACFix.exe 2008-09-01 13:18 --------- d-----w C:\Program Files\Logitech 2008-09-01 13:18 --------- d-----w C:\PROGRA~2\Logitech 2008-08-31 15:33 --------- d-----w C:\Program Files\EA GAMES 2008-08-30 20:41 --------- d-----w C:\Program Files\Echo Images 2008-08-30 20:24 --------- d-----w C:\Program Files\Ashampoo 2008-08-30 17:16 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-29 18:34 147,456 ----a-w C:\Users\Benjamin\vbzip10.dll 2008-08-29 18:34 115,968 ----a-w C:\Users\Benjamin\a.zip 2008-08-29 18:30 71 ----a-w C:\Users\Benjamin\1480.bat 2008-08-29 18:30 550 ----a-w C:\Users\Benjamin\417.bat 2008-08-29 18:30 44,544 ----a-w C:\Users\Benjamin\index.exe 2008-08-28 20:36 82,432 ----a-w C:\Windows\System32\IEDFix.C.exe 2008-08-28 17:14 --------- d-----w C:\Program Files\MSBuild 2008-08-28 17:13 --------- d-----w C:\Program Files\Microsoft.NET 2008-08-28 17:10 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-08-25 15:33 --------- d-----w C:\Program Files\PFConfig 2008-08-25 09:36 81,288 ----a-w C:\Windows\system32\drivers\iksyssec.sys 2008-08-25 09:36 66,952 ----a-w C:\Windows\system32\drivers\iksysflt.sys 2008-08-25 09:36 40,840 ----a-w C:\Windows\system32\drivers\ikfilesec.sys 2008-08-18 10:19 82,432 ----a-w C:\Windows\System32\404Fix.exe 2008-08-16 21:43 --------- d-----w C:\Program Files\Windows Mail 2008-08-07 19:59 160,792 ----a-w C:\Windows\system32\drivers\pctfw2.sys 2008-08-07 19:38 --------- d-----w C:\Program Files\MSN Messenger 2008-08-07 15:34 --------- d-----w 
C:\Program Files\Windows Live 2008-08-07 15:25 --------- d-----w C:\PROGRA~2\WLInstaller 2008-08-03 11:35 --------- d-----w C:\Program Files\Rockstar Games 2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll 2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-07-19 17:48 137,840 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-07-19 17:47 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-07-19 12:11 674,600 ----a-w C:\Windows\System32\pbsvc.exe 2008-07-19 12:11 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe 2008-07-19 10:16 --------- d-----w C:\PROGRA~2\Blueberry 2008-07-19 10:14 4,608 ----a-w C:\Windows\System32\bbchlp.dll 2008-07-19 10:14 4,096 ----a-w C:\Windows\system32\drivers\bbcap.sys 2008-07-19 10:14 30,720 ----a-w C:\Windows\System32\bbcap.dll 2008-07-19 10:14 --------- dc-h--w C:\PROGRA~2\{21C1E35C-913A-42D2-91B6-6AE1243D6B65} 2008-07-19 10:14 --------- d-----w C:\Program Files\Common Files\Blueberry Software 2008-07-19 10:14 --------- d-----w C:\Program Files\Blueberry Software 2008-07-19 10:14 --------- d-----w C:\PROGRA~2\LogSys 2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe 2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll 2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll 2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll 2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll 2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll 2008-07-18 18:44 31,232 ----a-w 
C:\Windows\System32\wuapp.exe 2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-07-14 14:07 --------- d-----w C:\Program Files\LimeWire 2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-06-26 22:08 230,432 ----a-w C:\PA7311.DAT 2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll 2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll 2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll 2008-06-26 03:29 303,616 ----a-w C:\Windows\System32\wmpeffects.dll 2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll 2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll 2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL 2008-06-10 20:23 174 --sha-w C:\Program Files\desktop.ini 2008-02-06 21:58 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096] "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640] "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] 
"EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "LogonHoursAction"= 2 (0x2) "DontDisplayLogonHoursWarnings"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.CLBR"= P1001Dex.ax "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="0x00000000" "UpdatesDisableNotify"="0x00000000" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{54B3C897-4F1B-4D71-A004-961FBC3D1F9E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{3B18BBAE-4277-4DE3-9DAE-060D8C44B129}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{80F0A52C-23B3-4405-8026-CB6E58171DDE}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III "UDP Query User{CB6ACE65-5104-4CCC-A61E-123C482B79DB}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III "{BC43E45D-DD99-4CB2-A0DA-5BB8170958EB}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA 
"{ADC010B9-6E57-489B-A885-823D698ECF38}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA "{29A9655F-5516-4E36-9888-DC2996293538}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{A8F8EEDB-5E61-4A88-B871-60731AD852CC}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{5F9C2C47-1D7A-4EB4-B414-042986554F06}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{E4103036-3CC9-4EC2-897F-DD9402DBFA13}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{19B0B253-6ADF-4C4B-A4F4-9435919DA318}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{9A45DBF0-E0F3-490C-A368-05874CBF613D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{9212BA77-2522-45EB-88C9-B822341080B6}"= UDP:3724:Blizzard Downloader "TCP Query User{A7D72A81-69CA-4FA5-AAAE-72F89965143A}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= UDP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient "UDP Query User{887C9BE8-7824-46BE-8088-A463D6947F9E}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= TCP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient "{BFEA77D4-DD61-4869-8268-90ED2EB84F5B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{EE02480F-569B-44BD-B7C4-5A5F27F9F510}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{18492534-9809-435D-86EE-B95857CC3ACC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{6523DFC6-0DA3-4893-84A0-83BCBAC73BFC}C:\\program files\\valve\\steam\\steamapps\\didd_cool\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\didd_cool\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{4AB71DC9-3C5C-4896-AA1F-474A2CA8AA47}C:\\program files\\valve\\steam\\steamapps\\didd_cool\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\didd_cool\counter-strike\hl.exe:Half-Life Launcher "TCP Query User{C9E52546-3FAD-4F6A-B2A7-726821F8C418}C:\\program 
files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{F391D1C3-32E5-48FB-810F-ACCC109B3F1C}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "{BDDD5CB5-CE23-492E-B91C-4D928849B98A}"= UDP:6112:warcraftIII1 "{043A2A50-2625-47D0-8C40-0B9A16878D16}"= UDP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne "{C9D28DCD-236F-4031-8F6F-CD83F4082F0E}"= TCP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne "{F18C0B77-685E-4651-9017-2688A0B70357}"= UDP:6881:Blizzard Downloader "TCP Query User{5B25CD3C-9EA9-4B50-9092-299F648EC978}C:\\program files\\garena\\garena.exe"= UDP:C:\program files\garena\garena.exe:Garena "UDP Query User{A2B439CE-005F-4D8B-B899-155F41E3CEE1}C:\\program files\\garena\\garena.exe"= TCP:C:\program files\garena\garena.exe:Garena "TCP Query User{29C1FF80-E923-4370-B9E8-3C8C9C71F630}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "UDP Query User{07C7CCEE-9C1E-4395-8C52-CD4A6A8BC9F8}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "TCP Query User{A89D4FD0-8057-41CA-B72A-6113274A12C6}C:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:C:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II "UDP Query User{9B3517EC-33D6-4BD6-9AAB-E24EB64F64CF}C:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:C:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II "TCP Query User{9069395E-CBEB-4653-836F-3DFC82946750}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire "UDP Query User{C5F514DB-DCC4-4AA8-B517-BCC83F1937FB}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire "TCP Query User{AFE0D8DD-BA09-421B-8283-2022F04D3DC1}C:\\program 
files\\valve\\steam\\steamapps\\dragon_cs588\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\dragon_cs588\counter-strike source\hl2.exe:hl2 "UDP Query User{5A9DC313-ED4B-4606-A798-BED8B8A37FBA}C:\\program files\\valve\\steam\\steamapps\\dragon_cs588\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\dragon_cs588\counter-strike source\hl2.exe:hl2 "TCP Query User{F678E2C7-5DB4-47A2-A8BC-C3599DDA1779}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes "UDP Query User{D9316544-195B-454F-A0FA-B3FECD77643B}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes "TCP Query User{B387062F-3B80-41C0-9FC6-F661A0E65C1A}C:\\program files\\garena\\garena.exe"= UDP:C:\program files\garena\garena.exe:Garena "UDP Query User{41B25842-C0A3-4E16-90A6-07F8D80E38C8}C:\\program files\\garena\\garena.exe"= TCP:C:\program files\garena\garena.exe:Garena "{7A1EA3C0-B68E-446E-8C1C-B6A75F8D50DD}"= UDP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne "{5A2E1F08-44B1-4BFC-848D-4B572A9BE10E}"= TCP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne "TCP Query User{39C93D76-1DB5-4BEC-9D35-1E323427D2F2}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III "UDP Query User{4D3ECD09-27AA-4743-BE5E-FB2ECBCE75D5}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III "TCP Query User{6047DE9F-4E1A-4882-AC13-5953DE954D6D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{00C28DE6-0BCE-4609-A9EF-B0F939FA6DDD}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "{A177F5FE-2F30-4C0E-A01A-0C80F506294A}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{B87A0A2A-03C4-469D-AA17-73AC93A7FB42}"= 
TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{4E1C58B3-C8A5-4A17-B298-199EAD80070B}"= UDP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable "{2CC69684-69F6-46DC-89CF-EFC18052B9E7}"= TCP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable "{35C8F5D1-3444-4CEF-B062-305C94CAAB51}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{F7B77449-E39D-4882-8383-06B93997A060}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{386B9435-8A1E-486A-A3B1-3AA51F1970EC}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{417F2B31-4411-4BD7-A5E0-D9F4B5C7C9C9}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{42277855-9600-40F6-BDDA-38214962B423}"= UDP:C:\Users\Benjamin\Desktop\pbsetup.exe:pbsetup "{9111C5FE-362D-4C1C-A721-A3ACF34B6B33}"= TCP:C:\Users\Benjamin\Desktop\pbsetup.exe:pbsetup "{D043B70E-5344-494B-9E24-0A86936D56CB}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{9A62623F-81B1-4596-AF83-B9B950E3D8A3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{7CBF5029-3657-4562-90B5-15BC41616DBF}C:\\program files\\valve\\steam\\steamapps\\dragon_cs588\\source dedicated server\\srcds.exe"= UDP:C:\program files\valve\steam\steamapps\dragon_cs588\source dedicated server\srcds.exe:srcds "UDP Query User{B2047309-BE2B-4A1D-BBD6-4AA67098FBA6}C:\\program files\\valve\\steam\\steamapps\\dragon_cs588\\source dedicated server\\srcds.exe"= TCP:C:\program files\valve\steam\steamapps\dragon_cs588\source dedicated server\srcds.exe:srcds "TCP Query User{08DBFA6F-B822-44D9-B918-F92A46772B58}C:\\program files\\valve\\steam\\steamapps\\dragon_cs588\\dedicated server\\hlds.exe"= UDP:C:\program files\valve\steam\steamapps\dragon_cs588\dedicated server\hlds.exe:HLDS Launcher "UDP Query User{9361B889-F2C3-454F-A501-C90DAD4A6456}C:\\program files\\valve\\steam\\steamapps\\dragon_cs588\\dedicated server\\hlds.exe"= TCP:C:\program 
files\valve\steam\steamapps\dragon_cs588\dedicated server\hlds.exe:HLDS Launcher "{373B7BDC-9087-46FE-9779-CB26AE6F0BCB}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{3B9DC44F-90BD-4A31-89EB-5011DAF4CB4E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{07CDA3F3-48DF-4E74-B88A-25269433B5F0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{0A42AB07-C1D2-44BF-BD52-B8AAB46BFC6A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{D0EABA48-5773-46CA-983E-E61AF50116DF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-08-07 160792] S2 AVWEBCAM;AV WebCam, WDM Video Capture;C:\Windows\system32\DRIVERS\avwebcam.sys [2005-11-22 215552] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320] S3 bbcap;bbcap;C:\Windows\system32\DRIVERS\bbcap.sys [2008-07-19 4096] S3 P1001VID;Creative WebCam (WDM);C:\Windows\system32\DRIVERS\P1001Vid.sys [2002-01-30 395224] S3 PAC7311;Trust Webcam 14839;C:\Windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752] S4 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-18 554616] S4 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2007-12-14 184976] S4 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-30 87288] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc *Newly 
Created Service* - ECACHE . - - - - ORPHANS REMOVED - - - - HKLM-RunOnce-<NO NAME> - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\sdg0lqij.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.nettby.no/ FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF -: plugin - C:\Users\Benjamin\Program Files\DNA\plugins\npbtdna.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-13 13:41:58 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-09-13 13:43:32 ComboFix-quarantined-files.txt 2008-09-13 11:43:20 Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. Post-Run: 142,133,649,408 byte ledig 258 --- E O F --- 2008-09-12 21:19:56
r2d290, posted 13 September 2008:
Do you recognise these folders and their contents?
C:\Program Files\UltimateEnhancer
C:\Program Files\UltimateContext
C:\Program Files\Echo Images
Note: go through the code box below and check that you don't recognise any of the files listed there. Do not follow these instructions if you recognise what is listed below.
Click Start - All Programs - Accessories - Notepad. Copy and paste the text in the code box below into Notepad:
File::
C:\Users\Benjamin\vbzip10.dll
C:\Users\Benjamin\a.zip
C:\Users\Benjamin\1480.bat
C:\Users\Benjamin\417.bat
C:\Users\Benjamin\index.exe
Save it as CFScript on the Desktop. Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away. Post the contents of ComboFix.txt in your next reply on the forum.
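Two things in the ComboFix output are worth showing as a repeatable check rather than an eyeball pass: the Find3M report lists five loose files written directly into C:\Users\Benjamin\ within four minutes of each other (the .bat/.exe/.dll/.zip set r2d290 then hands to ComboFix in the CFScript), and the Reg Loading Points section shows Security Center monitoring switched off. The Python below is an added example, not part of this thread and not ComboFix's own code: it parses constructed lines in the same shape as the two sections above, clusters profile-root files by write time, and lists Security Center off-switches. The 10-minute clustering window, the profile-root heuristic and the set of value names I treat as switches are my assumptions; the per-vendor DisableMonitoring subkeys are commonly set by an installed AV suite, so the output is a review list, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the shape of the Find3M report above: a system file,
# a directory entry, and the five loose files dropped into the profile root.
SAMPLE_FIND3M = r"""
2008-09-09 22:08 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-01 13:18 --------- d-----w C:\Program Files\Logitech
2008-08-29 18:34 147,456 ----a-w C:\Users\Benjamin\vbzip10.dll
2008-08-29 18:34 115,968 ----a-w C:\Users\Benjamin\a.zip
2008-08-29 18:30 71 ----a-w C:\Users\Benjamin\1480.bat
2008-08-29 18:30 550 ----a-w C:\Users\Benjamin\417.bat
2008-08-29 18:30 44,544 ----a-w C:\Users\Benjamin\index.exe
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
"""

# Constructed sample in the shape of the "Reg Loading Points" block above.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# "<date> <time> <size|---------> <attrs> <path>"
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
# Assumed heuristic: exactly one path component after the user name, i.e. a
# file in the profile root itself rather than in any subfolder.
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$", re.I)
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"=(.+)$')
# Assumed list of Security Center values that silence monitoring or warnings.
WSC_OFF_SWITCHES = {"disablemonitoring", "antivirusdisablenotify",
                    "firewalldisablenotify", "updatesdisablenotify"}


def parse_find3m(text):
    """Find3M lines -> dicts; directory entries (attrs starting with 'd') are skipped."""
    entries = []
    for raw in text.splitlines():
        m = FIND3M_RE.match(raw.strip())
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        if attrs.startswith("d"):
            continue
        digits = size.replace(",", "")
        entries.append({"when": datetime.strptime(stamp, "%Y-%m-%d %H:%M"),
                        "size": int(digits) if digits.isdigit() else None,
                        "path": path})
    return entries


def profile_root_drops(entries, window=timedelta(minutes=10)):
    """Loose files in the profile root, grouped into bursts written within
    `window` of each other: several files sharing one timestamp is the
    footprint a downloader leaves, not the way a user saves documents."""
    loose = sorted((e for e in entries if PROFILE_ROOT_RE.match(e["path"])),
                   key=lambda e: e["when"])
    clusters, current = [], []
    for e in loose:
        if current and e["when"] - current[-1]["when"] > window:
            clusters.append(current)
            current = []
        current.append(e)
    if current:
        clusters.append(current)
    return clusters


def _is_nonzero(value):
    """ComboFix prints REG_DWORDs as dword:00000001 or as a quoted "0x..." string."""
    v = value.strip().strip('"')
    if v.lower().startswith("dword:"):
        v = v[len("dword:"):]
    return int(v, 16) != 0


def security_center_switches(reg_text):
    """(key, value-name) pairs under the Security Center hive that are switched on."""
    flagged, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = REG_VAL_RE.match(line)
        if not vm or key is None or "security center" not in key.lower():
            continue
        name, value = vm.groups()
        if name.lower() in WSC_OFF_SWITCHES and _is_nonzero(value):
            flagged.append((key, name))
    return flagged


if __name__ == "__main__":
    for cluster in profile_root_drops(parse_find3m(SAMPLE_FIND3M)):
        print(f"{len(cluster)} loose file(s) in the profile root around {cluster[0]['when']:%Y-%m-%d %H:%M}:")
        for e in cluster:
            print(f"   {e['path']}  ({e['size']} bytes)")
    for key, name in security_center_switches(SAMPLE_REG):
        print(f"Security Center switch {name} set under [{key}]")
```

On the constructed sample this yields one cluster of five files (the same five r2d290 puts in the CFScript) and two DisableMonitoring hits; whether the second, vendor-specific one is expected depends on which AV product is actually installed, which is why it is reported alongside the key it lives under.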